(credit: D J Shin)

New data shows that the majority of robot-enabled scam phone calls came from fewer than 40 call centers, a finding that offers hope the growing menace of robocalls can be stopped.

The calls use computers and the Internet to dial thousands of phone numbers every minute and promote fraudulent schemes that promise to lower credit card interest rates, offer loans, and sell home security products, to name just a few of the scams. Over the past decade, robocall complaints have mushroomed, with the Federal Trade Commission often receiving hundreds of thousands of complaints each month. In 2013, the consumer watchdog agency awarded $50,000 to three groups who devised blocking systems that had the potential to help end the scourge. Three years later, however, the robocall problem seems as intractable as ever.

On Thursday at the Black Hat security conference in Las Vegas, a researcher said that slightly more than half of more than 1 million robocalls tracked were sent by just 38 telephony infrastructures. The relatively small number of actors offers hope that the phenomenon can be rooted out, by either automatically blocking the call centers or finding ways for law enforcement groups to identify and prosecute the operators.



Apple will soon begin offering bounties for bugs found in some of its hardware and software. (credit: Andrew Cunningham)

As part of a security presentation given at this year's Black Hat conference, Apple today announced that it would be starting up a bug bounty program in the fall. The program will reward security researchers who uncover vulnerabilities in Apple's products and bring them to the company's attention. Google, Microsoft, Facebook, and many other companies have offered bug bounty programs for some time now, but this is Apple's first.

For now, Apple is intentionally keeping the scope of the program small. It will initially be accepting bug reports from a small group of a few dozen security researchers it has worked with in the past. For now, bounties are only being offered for a small range of iDevice and iCloud bugs. The full list is as follows:

  • Secure boot firmware components: Up to $200,000 (~£150,000)
  • Extraction of confidential material protected by the Secure Enclave: Up to $100,000.
  • Execution of arbitrary code with kernel privileges: Up to $50,000.
  • Access from a sandboxed process to user data outside of that sandbox: Up to $25,000.
  • Unauthorized access to iCloud account data on Apple servers: Up to $50,000.

As the program continues and Apple works the, um, bugs out of its processes, the company will expand the list of eligible security researchers as well as the list of hardware and software bugs for which bounties are offered.


Apple tvOS/Mac OS X/iOS CVE-2016-1801 Information Disclosure Vulnerability
Docker Swarmkit Local Denial of Service Vulnerability
Cisco IOS Software CVE-2016-1478 Remote Denial of Service Vulnerability
Multiple Citrix Products CVE-2016-6493 Memory Permission Security Weakness
Stored Cross-Site Scripting vulnerability in Count per Day WordPress Plugin
Cross-Site Scripting in Count per Day WordPress Plugin
Cross-Site Scripting in FormBuilder WordPress Plugin
Cross-Site Scripting vulnerability in Events Made Easy WordPress plugin
Python priority CVE-2016-6580 Remote Denial of Service Vulnerability
NASdeluxe NDL-2400r Product Remote Command Injection Vulnerability

(credit: Blue Coat)

Large UK companies are amongst the hardest hit by ransomware in western countries according to a new report that found that more than half had been affected by it—and that nine percent had been left "entirely unable to operate."

Ransomware is clearly a growth industry in Britain; 58 percent of IT directors in this country have paid ransoms in the past, and the UK experiences more attacks than Canada, Germany, and the US, where bosses are 21 times less likely to give in to hackers' demands.

Ransomware is malicious software which locks users out of key files or their entire system using tough encryption until the owner pays up. It's a relatively simple scam, and according to Malwarebytes, who commissioned the report, gaining rapidly in popularity. The vast majority of attacks are coming through an endpoint, with 46 percent originating from an e-mail.



We started to see a surge in attempts to exploit a well-known backdoor in Netis routers. The backdoor was first described in 2014 by TrendLabs [1]. Netis routers are used predominantly in China, but can occasionally be found in other parts of the world.

Exploitation of the backdoor is easy: any payload sent to port 53413/UDP is automatically executed. Various exploit tools for this issue are available, but probably all you need is netcat
rm -rf *.

bins.sh attempts to download some files compiled for the MIPS platform, which matches the affected Netis routers. Downloads are slow, indicating that the server delivering them may be rather busy, but the IP address above is not the only IP address seen in these attacks. But at this point, it is highly unlikely that any vulnerable devices are still unexploited.


Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
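
A defender's view of the surge described in the diary, as an added example that is not part of the original post: it counts distinct sources probing UDP port 53413 per hour in iptables-style firewall logs and flags hours well above the median. The log lines, addresses, helper names, and the `factor` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

NETIS_PORT = 53413  # UDP port of the Netis backdoor named in the diary

# iptables LOG-style line: syslog timestamp, then KEY=VALUE fields.
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<hour>\d{2}):\d{2}:\d{2}\s.*?"
    r"SRC=(?P<src>\S+)\s.*?PROTO=(?P<proto>\w+)\s.*?DPT=(?P<dpt>\d+)"
)

def probes_per_hour(lines, port=NETIS_PORT):
    """Return {(mon, day, hour): set(source IPs)} for UDP packets to `port`."""
    buckets = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        # Ignore unparsable lines, non-UDP traffic, and other ports.
        if not m or m["proto"] != "UDP" or int(m["dpt"]) != port:
            continue
        buckets[(m["mon"], int(m["day"]), int(m["hour"]))].add(m["src"])
    return dict(buckets)

def surge_hours(buckets, factor=3):
    """Hours whose distinct-source count exceeds factor x the median hour."""
    if not buckets:
        return []
    base = median(len(srcs) for srcs in buckets.values())
    return sorted(h for h, srcs in buckets.items() if len(srcs) > factor * base)

def _line(hour, src, proto="UDP", dpt=NETIS_PORT):
    # Constructed sample line using documentation address ranges.
    return (f"Aug  5 {hour:02d}:15:00 gw kernel: IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=60 TTL=48 PROTO={proto} SPT=40000 DPT={dpt} LEN=40")

# Constructed log: quiet hours 09 and 10, five distinct sources in hour 11,
# plus a TCP hit and a DNS packet that must not be counted.
SAMPLE = (
    [_line(9, "198.51.100.7"), _line(10, "198.51.100.7")]
    + [_line(11, f"203.0.113.{i}") for i in range(1, 6)]
    + [_line(11, "203.0.113.9", proto="TCP"), _line(11, "203.0.113.9", dpt=53)]
)

if __name__ == "__main__":
    hourly = probes_per_hour(SAMPLE)
    for hour in surge_hours(hourly):
        print(hour, "distinct sources:", len(hourly[hour]))
```
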
Mozilla Firefox Multiple Security Vulnerabilities
[SYSS-2016-065] NASdeluxe NDL-2400r: OS Command Injection
FortiManager (Series) - (Bookmark) Persistent Vulnerability
FortiAnalyzer & FortiManager - Client Side Cross Site Scripting Web Vulnerability
Cross-Site Scripting in WordPress Landing Pages Plugin
Cross-Site Scripting in Activity Log WordPress Plugin
Cross-Site Scripting vulnerability in search function Activity Log WordPress Plugin
[SECURITY] [DSA 3640-1] firefox-esr security update
Internet Storm Center Infocon Status